|
Understanding Voice over Internet Protocol (VoIP)
With the introduction of VoIP, you can use the internet to make
telephone calls instead of relying on a separate telephone
line. However, the technology does present security risks.
|
What is voice over internet protocol (VoIP)?
Voice over internet protocol (VoIP), also known as IP telephony,
allows you to use your internet connection to make telephone
calls. Instead of relying on an analog line like traditional
telephones, VoIP uses digital technology and requires a high-speed
broadband connection such as DSL or cable. There are a variety of
providers who offer VoIP, and they offer different services. The most
common application of VoIP for personal or home use is internet-based
phone services that rely on a telephone switch. With this application,
you will still have a phone number, will still dial phone numbers, and
will usually have an adapter that allows you to use a regular
telephone. The person you are calling will not likely notice a
difference from a traditional phone call. Some service providers also
offer the ability to use your VoIP adapter any place you have a
high-speed internet connection, allowing you to take it with you when
you travel.
What are the security implications of VoIP?
Because VoIP relies on your internet connection, it may be vulnerable
to any threats and problems that face your computer. The technology is
still new, so there is some controversy about the potential for
attack, but VoIP could make your telephone vulnerable to viruses and
other malicious code. Attackers may be able to perform activities such
as intercepting your communications, eavesdropping, conducting
effective phishing attacks by manipulating your caller ID, and causing
your service to crash (see Avoiding Social
Engineering and Phishing Attacks and Understanding
Denial-of-Service Attacks for more information). Activities that
consume a large amount of network resources, like large file
downloads, online gaming, and streaming multimedia, will also affect
your VoIP service.
There are also inherent problems to routing your telephone over your
broadband connection. Unlike traditional telephone lines, which
operate despite an electrical outage, if you lose power, your VoIP may
be unavailable. There are also concerns that home security systems or
emergency numbers such as 911 may not work the way you expect.
How can you protect yourself?
- Keep software up to date - If the vendor releases patches
for the software operating your device, install them as soon as
possible. These patches may be called firmware updates. Installing
them will prevent attackers from being able to take advantage of known
problems or vulnerabilities (see Understanding
Patches for more information).
- Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known
viruses. However, attackers are continually writing new viruses, so it
is important to keep your anti-virus software current (see Understanding
Anti-Virus Software for more information).
- Take advantage of security options - Some service
providers may offer encryption as one of their services. If you are
concerned about privacy and confidentiality, you may want to consider
this and other available options.
- Install or enable a firewall - Firewalls may be able to
prevent some types of infection by blocking malicious traffic before
it can enter your computer (see Understanding
Firewalls for more information). Some operating systems actually
include a firewall, but you need to make sure it is enabled.
- Evaluate your security settings - Both your computer and
your VoIP equipment/software offer a variety of features that you can
tailor to meet your needs and requirements. However, enabling certain
features may leave you more vulnerable to being attacked, so disable
any unnecessary features. Examine your settings, particularly the
security settings, and select options that meet your needs without
putting you at increased risk.
Additional information
Author: Mindi McDowell
Produced 2005 by US-CERT, a government organization. Terms of use
|
|
|
Last
updated
September 3, 2008
|
|